package com.junmo.oauth.config.authorization;//package com.junmo.oauth.config.security.authorization;
//
//import lombok.AllArgsConstructor;
//import lombok.extern.slf4j.Slf4j;
//import org.springframework.beans.factory.annotation.Autowired;
//import org.springframework.security.access.AccessDecisionManager;
//import org.springframework.security.access.SecurityMetadataSource;
//import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
//import org.springframework.security.access.intercept.InterceptorStatusToken;
//import org.springframework.security.web.FilterInvocation;
//import org.springframework.stereotype.Component;
//
//import javax.servlet.*;
//import java.io.IOException;
//
///**
// *
// * 继承AbstractSecurityInterceptor、实现Filter是必须的;
// * 首先，登陆后，每次访问资源都会被这个拦截器拦截，会执行doFilter这个方法，这个方法调用了invoke方法，其中fi断点显示是一个url
// * 最重要的是beforeInvocation这个方法，它首先会调用MyInvocationSecurityMetadataSource类的getAttributes方法获取被拦截url所需的权限
// * 在调用MyAccessDecisionManager类decide方法判断用户是否具有权限,执行完后就会执行下一个拦截器
// *
// */
//@Component
//@Slf4j
//@AllArgsConstructor
//public class MyFilterSecurityInterceptor  extends AbstractSecurityInterceptor implements Filter {
//    private MyInvocationSecurityMetadataSourceService myInvocationSecurityMetadataSourceService;
////    private MyAccessDecisionManager myAccessDecisionManager;
//    @Autowired
//    public void setMyAccessDecisionManager(AccessDecisionManager AccessDecisionManager) {
//        super.setAccessDecisionManager(AccessDecisionManager);
//    }
//    /**
//     * 登录后 每次请求都会调用这个拦截器进行请求过滤
//     * @param request
//     * @param response
//     * @param chain
//     * @throws IOException
//     * @throws ServletException
//     */
//    @Override
//    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
//        log.info("--------Filter-----------");
//        FilterInvocation fi = new FilterInvocation(request, response, chain);
//        invoke(fi);
//    }
//
//    @Override
//    public Class<?> getSecureObjectClass() {
//        return FilterInvocation.class;
//    }
//
//    @Override
//    public SecurityMetadataSource obtainSecurityMetadataSource() {
//        return this.myInvocationSecurityMetadataSourceService;
//    }
//
//
//    public void invoke(FilterInvocation fi) throws IOException, ServletException {
//        //fi里面有一个被拦截的url
//        //里面调用MyInvocationSecurityMetadataSource的getAttributes(Object object)这个方法获取fi对应的所有权限
//        //再调用MyAccessDecisionManager的decide方法来校验用户的权限是否足够
//        InterceptorStatusToken token = super.beforeInvocation(fi);
//        try {
//            //执行下一个拦截器
//            fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
//        } finally {
//            super.afterInvocation(token, null);
//        }
//    }
//
//}
